The present invention relates to user authentication and, more particularly, to user authentication for the use of smart cards.
Smart Cards
The term "smart card" herein denotes any device which may be conveniently carried upon one's person and which contains an active internal logic device capable of securely interfacing with and exchanging data with specifically authorized external devices. Smart cards are sometimes referred to as "integrated circuit cards" or "chip cards". Smart cards are generally described by a set of international standards well-known in the art, including, but not limited to, publications ISO 7810, ISO 7811, ISO/IEC 7812, ISO 7813, ISO/IEC 7816, ISO/IEC 10373, ISO/IEC 10536, and ISO/IEC 14443, all of which are herein collectively denoted by the term "standards for integrated circuit cards" and incorporated by reference for all purposes as if fully set forth herein. Smart cards are both defined by and based on the standards for integrated circuit cards. Smart cards based on the standards for integrated circuit cards generally conform thereto, where applicable, but also include features not necessarily described therein.
Purposes to which smart cards may be applied include, but are not limited to, performing financial transactions, establishing personal identity, providing access control, managing accounting information, and storing and retrieving personal records and other individual data. Smart cards are characterized by a high level of security, and are the medium of choice for storing sensitive information. A smart card capable of containing monetary instruments for use in financial transactions is herein referred to as a "stored-value smart card". The term "issuer" herein denotes any entity which distributes smart cards for a particular purpose or set of purposes. The term "user" herein denotes any person using, or attempting to use, a specific smart card. The term "authorized user" herein denotes a person who has been given permission, or is "authorized", to use that smart card for a specific purpose or set of purposes. In many cases, the authorized user of a smart card is the owner thereof, but the owner and authorized user need not be the same.
Prior art smart cards include but are not limited to, the various devices illustrated in the accompanying diagrams. FIG. 1A illustrates a smart card 100 substantially similar in external physical size and shape to an ordinary banking card or charge card, having a plastic card body 102 containing an active internal logic device (not shown), and having metallic electrical contacts 104 on the surface of card body 102 for interfacing with external devices and for obtaining electrical operating power therefrom. Normally, a smart card does not have a self-contained source of electrical power, but rather depends on an external device to supply electrical energy for operation (various configurations for powering a smart card are discussed herein). FIG. 1B illustrates an example of a smart card 150 as commercially distributed, usually having various markings printed thereon, such as the issuer's logo 152 or similar trademark, user photograph 154, user name and identifying information 158, and bar code 156 or other means of machine-readable identification independent of the active internal logic device. There is considerable variety in the markings found on commercial smart cards, and those shown in the figures are merely illustrative non-limiting examples. In addition, smart cards are sometimes embossed in a manner similar to that of ordinary charge cards, but the location where embossing is done is restricted to avoid damage to the active internal logic device. Furthermore, smart cards frequently have magnetic stripes on the reverse side (not shown), similar to that of ordinary charge cards.
FIG. 2 illustrates an example of a prior art contactless smart card 200, which is similar to smart card 100 (FIG. 1B), except that there are no electrical contacts 104 (as in FIGS. 1A and 1B). For interfacing with an external device, contactless smart card 200 has an internal radio frequency transceiver and antenna (not shown) to obtain electrical power from the radio frequency carrier transmitted by the external device, and to communicate therewith by radio-frequency transmission. Contactless smart cards are sometimes referred to as "proximity smart cards" or "RF smart cards". Because contactless smart cards can interface with an external device merely by coming into proximity with that external device and without the need for contact therewith, the physical size and shape of contactless smart cards are variable.
Smart Card User Interaction
In addition to interfacing with external devices, a smart card must also be able to interact in some way with the user, although direct exchanges of data with the user are normally limited to a few basic commands from the user and limited information sent to the user (such as a monetary balance held within the smart card). A specialized form of interaction with the user involves the issue of authentication, which is discussed separately below.
Because of the limited interaction of a smart card with the user, only a simple visual display is generally needed to output information from the smart card to the user.
User input to a smart card is in the form of a sequence of symbols, where the sequence contains one or more symbols selectable from a predefined set. The sequence of symbols can represent a desired command, action, choice, selection, or response from the user to the smart card, and in many cases the sequence can consist of a single symbol. The term "symbol" herein includes, but is not limited to, alphabetic characters, numerical digits, words, abbreviations, punctuation signs, typographical marks, written notations, pictorial representations, abstract graphical elements and the like, as well as any combination thereof. Because the symbol set is limited, only a simple keypad is necessary to receive input from the user. The term "keypad" herein denotes any device having distinct user-activatable touch-sensitive, contact-sensitive, pressure-sensitive, or proximity-sensitive areas which respectively represent the different allowable symbols of the predefined symbol set, and which interfaces with another device to signal to that device the areas activated by the user or the symbols corresponding thereto. The terms "enter", "entering", and "entry" herein denote the action, by a user, and the result thereof, of sequentially activating the different areas of the keypad to indicate the different symbols of a sequence. The term "receiving" in the context of an entry into a keypad, or the symbols thereof, herein denotes an active response to the entry or symbols. The term "identifying indicia" herein denotes any features which physically distinguish or identify to a user the different areas of a keypad for the purposes of entering a sequence of symbols. Identifying indicia include, but are not limited to, printed, painted, molded, engraved, layered, laminated, attached, colored, cut, etched, embossed, debossed, raised, recessed, shaped, stamped, textured, electrically displayed, illuminated, imaged, reflecting, projected, punched, and holographic markings. 
The term "visible identifying indicia" herein denotes identifying indicia which are visible to the human eye. The term "conditionally visible identifying indicia" herein denotes identifying indicia which are visible to the human eye only when certain conditions are met. A keypad need not necessarily have identifying indicia, and these terms as used herein denote separate entities.
Variations of prior art smart cards include devices with additional capabilities for user interaction, such as the prototype combination smart card developed by Smart Card International, Inc., Daytona Beach, Fla. and illustrated in FIG. 3. A combination smart card 400 has a plastic card body 102 and electrical contacts 104, but also contains a visual display 402 and a keypad 404 for user entry of data. In addition to an active internal logic device (not shown), combination smart card 400 also includes an internal battery (not shown) to provide electrical power when used separately from an external device (as previously noted, a typical smart card has no internal source of electrical power, but depends on an external device to supply electricity). Internal sources of electrical power allow a smart card to be operated without relying on any external device. Internal sources of electrical power include, but are not limited to, batteries and solar cells. A combination smart card with an internal solar power cell is disclosed in U.S. Pat. No. 5,777,903 to Piosenka et al. Some combination smart cards can be used not only to view an internal balance, but also as a calculator. Combination smart cards of this sort, sometimes referred to as "super smart cards", however, have not been commercially successful and have not been placed into large-scale production. There are a number of problems with such combination smart cards, including technical problems meeting the specifications contained in the annex to the ISO 7816 standard, with regard to the use of liquid-crystal visual displays (such as visual display 402). The annex to the ISO 7816 standard (Design and use of Identification Cards having Integrated Circuits with Contacts) specifies minimum tolerance levels for bending, flexing, and torsion of the smart card. 
Although combination smart cards are able to meet these specifications for basic smart card functions, the liquid-crystal visual displays used therein typically experience an unacceptably high rate of failure after a moderate amount of flexing and bending. To perform without failure, a liquid-crystal visual display should be maintained in a rigid configuration, and therefore such visual displays are not well-suited to be incorporated into a thin card which is expected to be flexed and bent. Other problems of the combination smart card relate to user and issuer acceptance. The limited lifetime of an internal battery for operation when the combination smart card is not presented to a reader presents problems for the user. Even when a solar cell is utilized, however, there is a more serious objection in that issuers do not find the combination smart card commercially acceptable because most of the front of card body 102 is consumed by keypad 404 (FIG. 3), leaving little or no practical room for material such as logo 152, user photograph 154, and additional information 156, 158 (FIG. 1B). Issuers consider the ability to imprint such information on a smart card to be very important for marketing the smart cards to consumers and for normal use of the smart cards.
In addition to the combination smart card as discussed above and illustrated in FIG. 3, devices for similar purposes utilizing different formats have been proposed. For example, U.S. Pat. No. 4,277,837 to Stuckert discloses a portable personal financial terminal for use with data storage cards (similar to smart cards) as well as external devices such as point-of-sale terminals. U.S. Pat. No. 4,877,950 to Halpern discloses a similar device for use as an electronic purse. Both of these devices are self-contained miniature terminals with a keypad, visual display, active logic circuits, memory, interfacing to external devices, and internal source of electrical power. Halpern discloses a method for user authentication by which the user enters his or her secret personal identification number via the keypad of the device prior to presenting the device to a reader. The object of this is to allow a financial transaction between the device and the reader to be executed as rapidly as possible. Both the device disclosed by Halpern and the device disclosed by Stuckert are intended and designed to perform useful functions when not connected to any external device.
Smart Card Readers
The term "reader" herein denotes any device which is capable of interfacing with and exchanging data with a smart card. In general, a reader is capable of both reading data from a smart card and writing data to a smart card. There are a number of different reader configurations known in the art, for handling various smart card applications. There are hand-held and portable readers, counter-top readers, and readers designed to be built into other devices and equipment. The terms "present", "presenting", and "presentation" with reference to smart cards and readers herein denote the action by which a user causes a smart card to interface with a reader for the purposes of receiving electrical power therefrom and exchanging data therewith. The terms "accept" and "accepted" with reference to smart cards and readers herein denote the action by which a reader enables the interfacing of a presented smart card for the purposes of exchanging data therewith.
Many readers, in addition to having apparatus for interfacing and exchanging data with smart cards, also contain visual displays and keypads suitable for interacting with users. These features of prior art readers, as well as the process of presentation of the smart card, are illustrated in the accompanying diagrams.
FIG. 4A illustrates a prior art reader 500 for a smart card having electrical contacts 104. Reader 500 is contained within a reader case 502 and has a slot 508 for the presentation of a card body 102. Reader 500 may also include a keypad 504 and/or a visual display 506. To present a smart card to reader 500, the user puts card body 102 into slot 508, as shown in FIG. 4B. Note that the generally preferred orientation is for electrical contacts 104 to face up and toward slot 508, as shown in FIG. 4A. This orientation minimizes the amount of frontal area required for the reader and is utilized in all currently-available commercial smart card readers.
Note that part of card body 102 protrudes from slot 508 after presentation (FIG. 4B). This will be the case even when reader 500 is part of an automated banking machine, and therefore reader 500 differs in this respect from current banking machine card reading devices for use with ordinary charge and banking cards, which have a mechanism to bring a card entirely inside the machine where the user cannot gain access. In certain circumstances, the banking machine will retain the card rather than return it to the user. This practice is not acceptable for certain applications of smart cards, particularly those involving financial transactions and personal record-keeping, because the smart card (along with the contents thereof) is generally the personal property of the user rather than property of the issuer (as is the case with ordinary charge and banking cards), and therefore the issuer does not have any right to confiscate or otherwise take possession of a presented smart card, as would be the case for an ordinary charge or banking card. Thus, reader 500 must always allow some portion of card body 102 to be continually accessible to the user.
FIG. 5A illustrates a prior art reader 600 for a contactless smart card. Reader 600 is contained within a reader case 602 and has a proximity area 608 for the presentation of a card body 102. Reader 600 may also include a keypad 604 and/or a visual display 606. To present a contactless smart card to reader 600, the user brings card body 102 close to proximity area 608, as shown in FIG. 5B. For best radio-frequency communication, it is preferable that the plane of card body 102 be parallel to that of proximity area 608, and as close as possible thereto (within approximately 15 centimeters). Aside from this consideration, however, no specific orientation of card body 102 is required. Card body 102 may be rotated or even flipped upside down and reader 600 will still be able to accept the smart card. Furthermore, actual physical contact between card body 102 and reader 600 is unnecessary, provided good radio-frequency communications can be established. Moreover, card body 102 may be presented while enclosed within the user's hand or other object, such as the user's wallet. Despite these considerations, however, note that there is nothing to prevent a reader for a contactless smart card from having a slot or other alignment mechanism, and some readers are designed to accept both smart cards with electrical contacts and contactless smart cards.
Security and Authentication
Many smart card applications do not require extensive security checking. For example, petty purchases, such as a soft drink or a newspaper, do not justify elaborate measures to guarantee that the user is authorized to use a particular smart card to make such a purchase. There are many circumstances, however, when it is necessary to require that the user furnish acceptable proof that he or she is an authorized user of the smart card. The terms "authenticate", "authenticating", and "authentication" herein refer to any process which distinguishes between an authorized user of a smart card and someone who is not authorized.
A commonly-employed prior art method of authentication is to require the user to enter, on a designated keypad, a special sequence of symbols presumably known only to an authorized user. Therefore, the term "secret personal identification number" herein denotes any sequence of symbols associated with a smart card and intended to be known only to an authorized user of that smart card, such that the entry thereof establishes that the user is authorized to use the smart card. The intended function of a secret personal identification number is to prevent users who are not authorized from using the smart card. The terms "challenge", "challenged", and "challenging" herein denote the requiring, either expressed or implied, of a user to enter the secret personal identification number. Naturally, such a challenge does not divulge to the user what the secret personal identification number is, but only that the user must enter the secret personal identification number. If the user correctly enters the secret personal identification number for the smart card, the user is presumed to be an authorized user for that smart card. The secret personal identification number is commonly referred to as a "PIN", and these terms are used herein synonymously.
FIG. 6 is a flowchart conceptually showing the steps of a common prior art authentication method employing a secret personal identification number (PIN) associated with a smart card. In a step 702 a user presents the smart card to the reader, and the smart card is associated with a PIN 704. At a decision point 706, if authentication is not required, the presentation of the smart card is immediately accepted in a step 708. Otherwise, the user is challenged to enter the PIN in a step 710. Note that the challenge may be implicit, where the user already understands the need to enter the PIN and needs no prompting to do so, or the challenge may be explicit, where the user is specifically directed to enter the PIN. Next, in a step 712, a timer 714 is reset and started. Timer 714 is used to determine how long the smart card has been presented and to terminate the authentication process if an excessive amount of time transpires. At a decision point 716, if the user has correctly entered PIN 704, the presentation of the smart card is accepted in step 708. There are a variety of methods well-known in the art for determining if an entry corresponds to a secret personal identification number, some of which do not require knowledge of the secret personal identification number itself. As discussed below, for example, a one-way hash function can be used to compare the user's hashed entry against a stored hash of the secret personal identification number. If these match, then the entry is that of the correct secret personal identification number. Otherwise, the entry is incorrect. In any case, however, the entity verifying the entry does not have to know what the entry is or what the secret personal identification number is. If the user has not correctly entered the PIN, a decision point 718 checks to see if timer 714 has exceeded a predetermined elapsed time limit 720. If elapsed time limit 720 has been exceeded, then the presentation of the smart card is rejected in a step 722. 
Otherwise, decision point 716 is repeated. Ultimately, therefore, the presentation of the smart card will either be accepted, in step 708, or rejected, in step 722, depending on whether the user enters the correct PIN within predetermined elapsed time limit 720 or not. It is noted that the prior art flow illustrated in FIG. 6 is not the only logical sequence utilized in the prior art. For example, the user can enter the PIN into a combination smart card (FIG. 3) prior to presentation of the combination smart card to the reader.
As also noted above, an authentication technique that is well-known in the art is to verify the entered PIN indirectly through the use of a transformation function, such as a hash function. That is, the sequence of symbols as entered by the user is not compared against a stored copy of the PIN, but rather the transformed sequence of symbols is compared against a stored copy of the transformed PIN. This is to prevent a person who obtains the stored copy of the transformed PIN from knowing the PIN itself, and is accomplished by using a mathematical transformation function that is difficult to invert. Such transformation functions are well-known in the art, and are commonly referred to as "one-way" functions. Accordingly, the term "corresponds to" in reference to a comparison of an entered sequence of symbols against stored content for purposes of authentication herein denotes the result of any comparison that verifies the correctness of the sequence of symbols, including the application, as necessary, of a transformation function. Furthermore, the term "associated with", in reference to such stored content, herein denotes that the stored content is used in such a comparison, applying, as necessary, a specific transformation function.
There are common variations on the method illustrated in FIG. 6. For example, some systems employ a variable-length PIN, and this requires the user to indicate that the PIN has been entered upon completion of the entry by pressing a special key on the keypad. Other systems, however, use a PIN of a predetermined fixed length, in which case the user merely has to enter all the symbols of the PIN without indicating completion, because the completion of the entry is implicit in the length of the PIN. There are also some ancillary considerations in the authentication process, which are often incorporated into the method. For example, it is helpful to the user to have some confirmation of the entry of each symbol of the PIN. If there is a visual display, each entry on the keypad can be indicated on the visual display. Usually, a single neutral symbol is repeated on the visual display to indicate each keypad entry, because it is considered poor security practice to show the actual symbols of the PIN on a visual display during entry. An audible signal accompanying each symbol entry is also sometimes used. Also important is an optional feature which disables the smart card if an invalid PIN is consecutively entered more than a predetermined number of times. The rationale for such a feature is that if a smart card is obtained by an unauthorized person, repeated attempts to guess the secret personal identification number by trial and error will most likely result in a series of invalid entries, which cause the smart card to be disabled. In some smart cards, the disabling can be reversed by the issuer (such as when the authorized user has merely forgotten the secret personal identification number), and in other smart cards the disabling is permanent and renders the smart card completely inoperative. The methods of authentication as used herein include the basic method as shown in FIG. 6 and described above, as well as any of these and other variations thereon.
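The authentication flow of FIG. 6, combined with the one-way transformation of the PIN and the consecutive-failure disabling feature described above, as an added Python example that is not part of the patent text. The elapsed time limit, the failure threshold, the fixed PIN length and the choice of salted PBKDF2 as the one-way function are assumptions; keypad entries are modelled as a constructed list of (seconds since the timer was started, entered sequence) pairs rather than a live keypad.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed parameters (not from the page): stand-ins for elapsed time
# limit 720 and for the "predetermined number" of consecutive invalid entries.
ELAPSED_TIME_LIMIT_S = 30.0
MAX_CONSECUTIVE_FAILURES = 3
PIN_LENGTH = 4  # fixed-length PIN: completion of the entry is implicit


def transform_pin(pin: str, salt: bytes) -> bytes:
    """One-way transformation of a PIN. Salted PBKDF2 is the assumed
    function; the stored copy cannot be inverted back to the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


def display_feedback(entry_so_far: str) -> str:
    """What the visual display shows during entry: one neutral symbol per
    keypad entry, never the PIN symbols themselves."""
    return "*" * len(entry_so_far)


@dataclass
class PinRecord:
    """Stored content associated with the PIN (the transformed PIN, not the
    PIN itself), plus the state needed for the disabling feature."""
    salt: bytes
    transformed_pin: bytes
    consecutive_failures: int = 0
    disabled: bool = False

    @classmethod
    def enrol(cls, pin: str) -> "PinRecord":
        if len(pin) != PIN_LENGTH:
            raise ValueError("PIN must have exactly PIN_LENGTH symbols")
        salt = os.urandom(16)
        return cls(salt=salt, transformed_pin=transform_pin(pin, salt))

    def corresponds_to(self, entry: str) -> bool:
        """'Corresponds to' in the page's sense: the transformed entry is
        compared (in constant time) against the stored transformed PIN."""
        return hmac.compare_digest(transform_pin(entry, self.salt),
                                   self.transformed_pin)


def authenticate(record: PinRecord, authentication_required: bool, entries) -> str:
    """Authentication unit following FIG. 6. `entries` is a constructed
    sequence of (seconds since timer 714 was started, entered sequence);
    an exhausted sequence means no further entry arrived before the limit.
    Returns "accepted" (step 708) or "rejected" (step 722)."""
    if not authentication_required:          # decision point 706
        return "accepted"
    if record.disabled:                      # a disabled card can never pass
        return "rejected"
    # step 710: the user is challenged (implicitly here); step 712: timer started
    for elapsed, entry in entries:
        if elapsed > ELAPSED_TIME_LIMIT_S:   # decision point 718 -> step 722
            return "rejected"
        if len(entry) != PIN_LENGTH:
            continue                         # not all symbols entered yet; keep waiting
        if record.corresponds_to(entry):     # decision point 716 -> step 708
            record.consecutive_failures = 0
            return "accepted"
        record.consecutive_failures += 1
        if record.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
            record.disabled = True           # trial-and-error guessing is cut off
            return "rejected"
    return "rejected"                        # timer ran out without a correct entry


if __name__ == "__main__":
    rec = PinRecord.enrol("2468")
    print(display_feedback("24"))                                   # **
    print(authenticate(rec, True, [(2.0, "1111"), (5.0, "2468")]))  # accepted
    print(authenticate(rec, True, [(40.0, "2468")]))                # rejected
```

A timed-out presentation is rejected without counting as an invalid entry, so only actual wrong PINs advance the disabling counter; the issuer-reversible variant of the feature would reset `disabled` out of band.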
Because the authentication of a user is based solely on the entry of a correct PIN, the terms "authenticate", "authenticating", and "authentication" are also used herein to denote the process of identifying the entry of a sequence of symbols which corresponds to the correct PIN, and the distinguishing of such an entry from any other entry (such as that of an incorrect PIN) or the failure to make or complete an entry within the predetermined time limit. The term "authentication unit" herein denotes any device which is capable of determining whether an entered secret personal identification number is the correct secret personal identification number for a particular smart card.
Note, once again, that the "secret personal identification number" is actually associated with, and specific to, the smart card rather than the user. The user establishes his or her identity in terms of the smart card by knowing the secret PIN. Thus, it must be re-emphasized that the authentication discussed herein is an authentication of the user, rather than an authentication of the smart card. As a separate issue, it is necessary for the reader to verify that the smart card is genuine and authorized to participate in a particular data exchange, and it is also necessary for the smart card to verify that the reader is likewise genuine and authorized. Methods of mutual verification between the reader and the smart card are well-known in the art, and usually rely on techniques of modern cryptography. Some examples include the sharing of one or more secret cryptographic keys or derivatives thereof, and the use of public key cryptography and digital signature techniques. The present invention assumes that both smart card and reader are mutually verified by a suitable prior art method.
Limitations of the Prior Art
In order to authenticate a user by employing a secret personal identification number in the manner previously discussed, it is necessary for the user to have access to a keypad at or about the time the smart card is presented. This is currently done by providing a reader which includes a keypad, such as reader 500 with keypad 504 (FIG. 4A). Such a configuration, however, presents a security risk, in that under certain circumstances it is possible for an attacker to discover the secret personal identification numbers of users who present their smart cards to a compromised reader.
To show how this is possible, reference is now made to FIG. 7, which illustrates a block diagram of a prior art reader 800 having a keypad 810 for a user to enter his or her PIN when challenged after presenting a smart card 850. Reader 800 also has an authentication unit 806 for verifying the PIN, a reader processor 802 to control all interactions and handle data flow, and an encryption/decryption/smart card verification module 804. Note that authentication unit 806 is shown conceptually as a separate entity within reader 800, but may be logically incorporated into reader processor 802, encryption/decryption/smart card verification module 804, smart card 850, or within some other device or component. Likewise, encryption/decryption/smart card verification module 804 is shown conceptually as a separate entity within reader 800, but may be logically incorporated into reader processor 802 or some other device. When smart card 850 is presented to reader 800, reader 800 energizes smart card 850 from an electrical power source 808 (denoted in the drawings as "power source" for brevity), which supplies electricity to an electrical power interface 852 (denoted in the drawings as "power I/F" for brevity) inside smart card 850. After smart card 850 is powered and initialized, a secure session 830 is established, through which smart card 850 and reader 800 mutually validate each other and exchange data bidirectionally. Reader processor 802 controls all actions of reader 800 and coordinates the interactions thereof with smart card 850. After presentation of the smart card, if user authentication is required, the user enters the secret personal identification number on keypad 810, and the secret personal identification number is sent to authentication unit 806 which authenticates the user (as previously described and as illustrated in FIG. 6).
Authentication unit 806 then signals reader processor 802 accordingly, and if the user is properly authenticated, then session 830 continues. Otherwise, session 830 is terminated. Session 830 is secure because of encryption/decryption/smart card verification module 804, which verifies that smart card 850 is genuine and encrypts all communications thereto. Likewise, smart card 850 contains an encryption/decryption/reader verification module 854, which verifies that reader 800 is genuine, and encrypts all communications thereto. Encryption/decryption/smart card verification module 804 is able to decrypt the communications from smart card 850 for reader processor 802, and encryption/decryption/reader verification module 854 is able to decrypt the communications from reader 800 for a smart card processor 856. Therefore, smart card 850 and reader 800 can readily communicate with each other over session 830 without an attacker being able to read any communications over session 830. Furthermore, an attacker cannot tamper with any of the communications over session 830 without being detected by encryption/decryption/smart card verification module 804 and/or by encryption/decryption/reader verification module 854.
Although the smart card-reader session 830 is thereby secure, it is still possible to successfully attack the user authentication process at a point 812 between keypad 810 and authentication unit 806. Keypad 810 sends the sequence of symbols corresponding to the secret personal identification number to authentication unit 806, and therefore the secret personal identification number will be available at point 812. If an attacker compromises reader 800 by making a connection 814 to point 812, then the attacker will thereby obtain the secret personal identification number of the user, and this can be done without the user being aware.
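The trust boundary of FIG. 7, as an added Python model that is not part of the patent text: session 830 between card and reader is encrypted and integrity-protected, but the path from keypad 810 through point 812 is outside that protection, so a passive observer placed at 812 records the PIN symbols while the same observer placed on session 830 records only ciphertext. The toy authenticated encryption (HMAC-SHA256 keystream plus tag) standing in for modules 804 and 854, the pre-shared session key, the placement of the PIN check inside the card, and the salted SHA-256 hash used as the one-way function are all assumptions.

```python
import hashlib
import hmac
import os

# Toy stand-in (assumption) for modules 804/854: keystream from HMAC-SHA256 in
# counter mode plus an HMAC tag. A real system would use a standard AEAD cipher.
NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def session_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one message on session 830."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def session_open(key: bytes, message: bytes) -> bytes:
    """Verify and decrypt; any tampering on session 830 is detected here."""
    nonce, body, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("session 830: message tampered with or not from the verified peer")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class Tap:
    """Passive observer at one point inside the reader; records what passes."""
    def __init__(self):
        self.seen = []

    def observe(self, data: bytes) -> bytes:
        self.seen.append(data)
        return data


class SmartCard:
    """Card 850: holds a salted hash of the PIN (assumed one-way function)."""
    def __init__(self, pin: str, session_key: bytes):
        self.salt = os.urandom(16)
        self.pin_hash = hashlib.sha256(self.salt + pin.encode()).digest()
        self.key = session_key

    def handle(self, sealed_entry: bytes) -> bytes:
        entry = session_open(self.key, sealed_entry)
        ok = hmac.compare_digest(hashlib.sha256(self.salt + entry).digest(), self.pin_hash)
        return session_seal(self.key, b"OK" if ok else b"NO")


def present_card(card: SmartCard, session_key: bytes, pin_entry: str,
                 tap_812: Tap, tap_830: Tap) -> bool:
    """One presentation: keypad 810 -> point 812 -> reader -> session 830 -> card.
    The PIN crosses point 812 as plain symbols; only session 830 is sealed."""
    entry = tap_812.observe(pin_entry.encode())
    to_card = tap_830.observe(session_seal(session_key, entry))
    reply = tap_830.observe(card.handle(to_card))
    return session_open(session_key, reply) == b"OK"


def tamper_is_detected(session_key: bytes, sealed: bytes) -> bool:
    """Flip one ciphertext bit; session_open must refuse the altered message."""
    damaged = bytearray(sealed)
    damaged[NONCE_LEN] ^= 0x01
    try:
        session_open(session_key, bytes(damaged))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    key = os.urandom(32)
    card, t812, t830 = SmartCard("2468", key), Tap(), Tap()
    print(present_card(card, key, "2468", t812, t830))  # True
    print(t812.seen)                                    # [b'2468']: PIN in the clear at 812
    print(any(b"2468" in m for m in t830.seen))         # False: nothing readable on 830
```

The model makes the page's point concrete: the confidentiality and integrity of session 830 say nothing about the keypad-to-authentication-unit path, so the PIN's exposure depends entirely on the physical and logical protection of the reader around point 812.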
In addition to this vulnerability to a breach of secret personal identification number security, prior art smart card systems can also suffer from another security flaw, regarding the need to allow unprotected access to certain data within the smart card. This limitation concerns the use of "personal smart card readers" by the users themselves. A personal smart card reader is an inexpensive portable device often given to a user of a stored-value smart card in order to be able to conveniently check the current monetary balance of the stored-value smart card. FIG. 8A illustrates a personal smart card reader 900, which is contained in a compact case 902 with a visual display 904 and a slot 906 for inserting a card body 102 of a smart card having electrical contacts 104. Personal smart card reader 900 may be equipped with a keyring 908 to facilitate carrying on the user's person for convenient access. As illustrated in FIG. 8B, when card body 102 is inserted into slot 906, personal smart card reader 900 activates the stored-value smart card, reads the balance therein, and displays the balance 910 on visual display 904 for the user to see. FIG. 8C shows a block diagram of a personal smart card reader 950 containing a personal reader processor 952 and a visual display 954. Note that personal smart card reader 950 contains neither a keypad nor an encryption/decryption/smart card verification module. Therefore, when personal smart card reader 950 establishes a session 840 with smart card 850, session 840 is not a secure session. Any information stored in a smart card which is allowed to be accessible to a personal smart card reader is therefore not secure and may become available to unauthorized persons should the smart card fall into the wrong hands. Normally, only the balance of a stored-value smart card will be made available without authentication, to enable the user to conveniently check the balance of the stored-value smart card with a personal smart card reader.
It is not desirable that such information be unprotected, but the limitations of the prior art do not allow a personal smart card reader to be used to display any protected information within a smart card.
Note, once again, that one of the functions of a smart card reader is providing electrical power to the smart card. This is illustrated in FIG. 7 via electrical power source 808 (referred to in the drawings as a "power source" for brevity), as well as in FIG. 8 via battery 956. Both electrical power source 808 and battery 956 send a suitable voltage to electrical power interface 852 (referred to in the drawings as a "power I/F" for brevity) within smart card 850. This is in contrast to the combination smart card (FIG. 3), which has an internal battery (or solar cell) which provides electrical power to the smart card independently of any external device.
Prior art limitations lead to an even more serious security weakness as shown in FIG. 9A, when a smart card 1010 is used for identification purposes with a personal computer 1000. In this example, personal computer 1000 comprises a CPU 1002 which controls a monitor 1004 and receives input from a keyboard 1006. CPU 1002 also interfaces with a reader 1008 which establishes a secure session 1012 with a smart card 1010. Personal computer 1000 may connect to a network (not shown). Smart card 1010 may contain a variety of identification-related data objects and capabilities, such as digital certificates, secret cryptographic keys, and other data objects related to digital signatures and similar verification schemes. In some systems, access to a personal computer may require operator authentication. Connection to a network almost always requires some level of operator authentication. A smart card is considered to provide a higher level of confidence in operator identity than the use of passwords alone. FIG. 9B shows a block diagram of the example configuration shown in FIG. 9A. Keyboard 1006 is scanned by a software driver (not shown) in an operating system 1050, which supports the application software 1052 that interfaces with reader 1008. There are many places in this setup at which security can be compromised. The use of a personal computer presents more security hazards than a specialized reader (FIG. 7), because the hardware is not designed to resist tampering, and much of the operation takes place in software that is readily accessible to an attacker. For example, the electrical connections from keyboard 1006 can be tapped at a point 1060 (FIG. 9B), so that an attacker can read or record user input on a line 1062. An attack can also be carried out entirely in software by monitoring the message traffic from operating system 1050 to application software 1052 at a point 1064. In this case, a data output 1066 can be used to obtain sensitive user input, such as the user's secret personal identification number. Furthermore, application software 1052 can be compromised at an internal point 1068, and a data output 1070 can be used to record or redirect user input of the secret personal identification number. As with a dedicated reader (FIG. 7), a configuration with a personal computer can be compromised and sensitive information obtained without the user's knowledge. This particular problem is quite serious, and attempts have been made to remedy the security weakness. For example, Groupe Bull in France has recognized the need for a more secure smart card reader for user authentication and in response has developed the "SafePad" personal smart card reader for use with personal computers. The "SafePad" smart card reader is a compact device which has an internal authentication unit, and is designed to be tamper-resistant. By performing user authentication within such a device, the problems indicated in FIG. 9B are intended to be minimized, because access to the internal components of the "SafePad" reader is harder to attain than access to the internal components and software of a personal computer. It is therefore intended by the manufacturer to be more difficult to compromise the user authentication process with the "SafePad" reader. Nevertheless, no device can be made completely tamper-proof, and so the "SafePad" reader merely isolates the problems indicated in FIG. 9B but does not completely eliminate them.
The devices disclosed by Stuckert in U.S. Pat. No. 4,277,837 and by Halpern in U.S. Pat. No. 4,877,950 also suffer from a security weakness, even though they have built-in keypads. If the user enters his or her PIN prior to presentation of the device to the reader, then the device will authenticate the user prior to presentation and will therefore be activated for use prior to presentation. It is thus possible that the activated device can be used by a person who is not authorized. For example, should the user enter his or her PIN and then, for some reason, not complete the presentation of the device to the reader, the device could remain active for an indefinite period of time. During this time, should the user lose or misplace the device, or should the device be stolen, the previous user authentication may permit subsequent use by someone who is not authorized.
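The activation weakness just described, modelled as an added example that is not part of the patent text nor of the Stuckert or Halpern devices: a minimal keypad-card state machine whose activation persists indefinitely after PIN entry, beside a variant in which the activation lapses after an assumed 30-second window and is consumed by a single presentation to a reader. The class names, the PIN value and the window length are assumptions made for the demonstration.

```python
import hashlib
import hmac


class PriorArtKeypadCard:
    """Hypothetical model of a keypad-equipped card as the text describes it:
    the PIN is checked on the device itself, and a successful check leaves the
    device activated until it is next presented, however long that takes."""

    def __init__(self, pin: str):
        # Constructed: the device keeps only a hash of the PIN, never the PIN.
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self.activated_at = None  # time of last successful PIN entry, or None

    def enter_pin(self, pin: str, now: float) -> bool:
        candidate = hashlib.sha256(pin.encode()).digest()
        if hmac.compare_digest(candidate, self._pin_hash):
            self.activated_at = now
            return True
        return False

    def present_to_reader(self, now: float) -> bool:
        # The weakness from the text: activation neither expires nor is consumed,
        # so whoever holds the device later is accepted as the authorized user.
        return self.activated_at is not None


class BoundedActivationCard(PriorArtKeypadCard):
    """Same device with two mitigations: the activation lapses after a short
    window, and one presentation to a reader consumes it either way."""

    def __init__(self, pin: str, window_s: float = 30.0):
        super().__init__(pin)
        self.window_s = window_s  # assumed window; tune to the application

    def present_to_reader(self, now: float) -> bool:
        if self.activated_at is None:
            return False
        fresh = (now - self.activated_at) <= self.window_s
        self.activated_at = None  # consumed, so a second presentation needs a new PIN entry
        return fresh


def lost_device_scenario(card_cls, delay_s: float) -> bool:
    """The sequence from the text: the authorized user enters the correct PIN,
    does not present the device, and delay_s seconds later someone else does.
    Returns True if that later presentation is accepted."""
    card = card_cls("4321")  # constructed PIN for the demonstration
    if not card.enter_pin("4321", now=0.0):
        raise RuntimeError("PIN entry by the authorized user should succeed")
    return card.present_to_reader(now=delay_s)
```

With the prior-art model, `lost_device_scenario(PriorArtKeypadCard, 3600.0)` is accepted an hour later; with the bounded variant it is refused, while a presentation a few seconds after PIN entry still succeeds.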
The limitations of the prior art discussed above detract from the security of smart card systems, and consequently undermine user as well as issuer confidence in the employment of smart cards. There is a recognized need for, and it would therefore be highly advantageous to have, a smart card and reader which better maintains security of the user's secret personal identification number and which does not suffer from these limitations, while at the same time preserving the appearance and utility of the commercial smart card as based upon the standards for integrated circuit cards. This goal is met by the present invention.